<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第160期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第160期）</strong></h5>
<blockquote> 2017/03/20-2017/03/26</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>DARPA斥资860万美元计划打造电网攻击预警系统<br><a target="_blank" href="http://www.freebuf.com/news/129435.html">http://www.freebuf.com/news/129435.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>Web application attack trends: government, e-commerce, and finance in the spotli<br><a target="_blank" href="http://blog.ptsecurity.com/2017/02/web-application-attack-trends.html">http://blog.ptsecurity.com/2017/02/web-application-attack-trends.html</a></div><div class="single"><span id="tags">[人物]&nbsp;&nbsp;</span>张嵩：东西方安全理念“左右互搏”｜人物<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652878646&amp;idx=1&amp;sn=d98dda141374aed2b4b9615f39f2faaa&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652878646&amp;idx=1&amp;sn=d98dda141374aed2b4b9615f39f2faaa&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>Stop using password manager browser extensions <br><a target="_blank" href="https://securingtomorrow.mcafee.com/business/security-connected/stop-using-password-manager-browser-extensions/">https://securingtomorrow.mcafee.com/business/security-connected/stop-using-password-manager-browser-extensions/</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>CVE-2017-0100 Windows COM 特权提升漏洞实战<br><a target="_blank" href="http://blog.inspired-sec.com/archive/2017/03/17/COM-Moniker-Privesc.html">http://blog.inspired-sec.com/archive/2017/03/17/COM-Moniker-Privesc.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>本屌的web漏洞扫描器思路 技巧总结（域名信息收集篇）<br><a target="_blank" href="http://media.weibo.cn/article?id=2309404088584863883789">http://media.weibo.cn/article?id=2309404088584863883789</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Burp Suite证书导入证书(https抓包前提)<br><a target="_blank" href="http://www.keen8.com/post-164.html">http://www.keen8.com/post-164.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>DoubleAgent: Zero-Day Code Injection and Persistence Technique<br><a target="_blank" href="https://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/">https://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>0CTF 2017 Web WriteUP<br><a target="_blank" href="http://momomoxiaoxi.com/2017/03/21/0CTF/">http://momomoxiaoxi.com/2017/03/21/0CTF/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>手把手教你栈溢出从入门到放弃（上）<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/25816426">https://zhuanlan.zhihu.com/p/25816426</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SQL注入+XXE+文件遍历漏洞组合拳<br><a target="_blank" href="http://paper.seebug.org/256/">http://paper.seebug.org/256/</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>代码安全、无线攻防、逻辑漏洞与白帽子普法：FreeTalk上海站PPT下载<br><a target="_blank" href="http://www.freebuf.com/fevents/129723.html">http://www.freebuf.com/fevents/129723.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>手把手教你栈溢出从入门到放弃（下）<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/25892385">https://zhuanlan.zhihu.com/p/25892385</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Schtasks-Backdoor: Powershell 权限维持后门<br><a target="_blank" href="https://github.com/re4lity/Schtasks-Backdoor">https://github.com/re4lity/Schtasks-Backdoor</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Struts2-046漏洞（含poc）<br><a target="_blank" href="http://thief.one/2017/03/21/Struts2-046%E6%BC%8F%E6%B4%9E/">http://thief.one/2017/03/21/Struts2-046%E6%BC%8F%E6%B4%9E/</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>【干货梳理】Vault7文档曝光的那些CIA网络武器<br><a target="_blank" href="http://www.freebuf.com/news/129569.html">http://www.freebuf.com/news/129569.html</a></div><div class="single"><span id="tags">[视频]&nbsp;&nbsp;</span>USENIX Enigma 2017 大会视频<br><a target="_blank" href="https://www.youtube.com/channel/UCIdV7bE97mSPTH1mOi_yUrw">https://www.youtube.com/channel/UCIdV7bE97mSPTH1mOi_yUrw</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Struts2-046: A new vector<br><a target="_blank" href="https://community.hpe.com/t5/Security-Research/Struts2-046-A-new-vector/ba-p/6949723">https://community.hpe.com/t5/Security-Research/Struts2-046-A-new-vector/ba-p/6949723</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>HackerOne第二名白帽专访：业余挖洞，两年赚 40 万美金<br><a target="_blank" href="http://www.4hou.com/info/news/3923.html">http://www.4hou.com/info/news/3923.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Git必备技能<br><a target="_blank" href="http://www.cnblogs.com/zitayang/p/5750348.html">http://www.cnblogs.com/zitayang/p/5750348.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>基于 docker 的蜜罐系统设计<br><a target="_blank" href="https://lightless.me/archives/docker-honeypot.html">https://lightless.me/archives/docker-honeypot.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>不做“冤大头”—高科技出老千工具大揭秘！<br><a target="_blank" href="http://mp.weixin.qq.com/s/pqJH49p1Sp5X7iX0AEEokQ">http://mp.weixin.qq.com/s/pqJH49p1Sp5X7iX0AEEokQ</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Attackers Leverage Excel, PowerShell and DNS in Latest Non-Malware Attack<br><a target="_blank" href="https://www.carbonblack.com/2017/03/15/attackers-leverage-excel-powershell-dns-latest-non-malware-attack/">https://www.carbonblack.com/2017/03/15/attackers-leverage-excel-powershell-dns-latest-non-malware-attack/</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>Linux服务器入侵检测基础<br><a target="_blank" href="http://thief.one/2017/03/24/Linux%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%85%A5%E4%BE%B5%E6%A3%80%E6%B5%8B%E5%9F%BA%E7%A1%80/">http://thief.one/2017/03/24/Linux%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%85%A5%E4%BE%B5%E6%A3%80%E6%B5%8B%E5%9F%BA%E7%A1%80/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>sqlsus:开源的Mysql注入工具<br><a target="_blank" href="http://sqlsus.sourceforge.net/">http://sqlsus.sourceforge.net/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>学点算法搞安全之SVM<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIwOTc0MDU3NA==&amp;mid=2247483856&amp;idx=1&amp;sn=99e6626f4c86702594de374db499f388&amp;chksm=976e77a1a019feb7f97f3966bbba07bd561fb4f4069b5ed386ac134906e9a86ca28ec03c843f&amp;mpshare=1&amp;scene=1&amp;srcid=0322jI3bd1v4yEq8xPfKFwSA&amp;key=60fe7ed">https://mp.weixin.qq.com/s?__biz=MzIwOTc0MDU3NA==&amp;mid=2247483856&amp;idx=1&amp;sn=99e6626f4c86702594de374db499f388&amp;chksm=976e77a1a019feb7f97f3966bbba07bd561fb4f4069b5ed386ac134906e9a86ca28ec03c843f&amp;mpshare=1&amp;scene=1&amp;srcid=0322jI3bd1v4yEq8xPfKFwSA&amp;key=60fe7ed</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>支付风控模型分析<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzI4OTQ3MTI2NA==&amp;mid=2247483743&amp;idx=1&amp;sn=731cc0273731e52dc9daa109188f175d&amp;scene=0#wechat_redirect">http://mp.weixin.qq.com/s?__biz=MzI4OTQ3MTI2NA==&amp;mid=2247483743&amp;idx=1&amp;sn=731cc0273731e52dc9daa109188f175d&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>A Red Teamer&#039;s guide to pivoting  各类代理，隧道技术总结<br><a target="_blank" href="https://artkond.com/2017/03/23/pivoting-guide/">https://artkond.com/2017/03/23/pivoting-guide/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>值得购买的安全书籍<br><a target="_blank" href="http://www.bloodzer0.com/index.php/archives/16/">http://www.bloodzer0.com/index.php/archives/16/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>移动安全研究资料总结（2016年度）<br><a target="_blank" href="http://www.droidsec.cn/%E7%A7%BB%E5%8A%A8%E5%AE%89%E5%85%A8%E7%A0%94%E7%A9%B6%E8">http://www.droidsec.cn/%E7%A7%BB%E5%8A%A8%E5%AE%89%E5%85%A8%E7%A0%94%E7%A9%B6%E8</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Python Pickle的任意代码执行漏洞实践和Payload构造<br><a target="_blank" href="http://www.polaris-lab.com/index.php/archives/178/">http://www.polaris-lab.com/index.php/archives/178/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>抓住“新代码”的影子 —— 基于GoAhead系列网络摄像头多个漏洞分析<br><a target="_blank" href="http://paper.seebug.org/252/?from=timeline&amp;isappinstalled=0">http://paper.seebug.org/252/?from=timeline&amp;isappinstalled=0</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>w8ayScan扫描器 实验楼版本<br><a target="_blank" href="https://github.com/boy-hack/shiyanlouscan">https://github.com/boy-hack/shiyanlouscan</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>利用背景流量数据（contexual flow data）识别TLS加密恶意流量 <br><a target="_blank" href="http://www.arkteam.net/?p=1631">http://www.arkteam.net/?p=1631</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>爬取搜索引擎之搜狗<br><a target="_blank" href="http://thief.one/2017/03/19/%E7%88%AC%E5%8F%96%E6%90%9C%E7%B4%A2%E5%BC%95%E6%93%8E%E4%B9%8B%E6%90%9C%E7%8B%97/">http://thief.one/2017/03/19/%E7%88%AC%E5%8F%96%E6%90%9C%E7%B4%A2%E5%BC%95%E6%93%8E%E4%B9%8B%E6%90%9C%E7%8B%97/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>应用架构好书推荐 | 架构师之路必读系列<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIwODA4NjMwNA==&amp;mid=2652898365&amp;idx=1&amp;sn=39f523c3b7e61135b7c473833fbe4708&amp;chksm=8cdcd072bbab5964adee4afa627fbbbc7f55aeaa272d68274d8ca95ce81d43b40cfab9581262&amp;scene=0&amp;key=ba1020d849de95c4529b680256c853ba3ccd8a5cfa6a4368">https://mp.weixin.qq.com/s?__biz=MzIwODA4NjMwNA==&amp;mid=2652898365&amp;idx=1&amp;sn=39f523c3b7e61135b7c473833fbe4708&amp;chksm=8cdcd072bbab5964adee4afa627fbbbc7f55aeaa272d68274d8ca95ce81d43b40cfab9581262&amp;scene=0&amp;key=ba1020d849de95c4529b680256c853ba3ccd8a5cfa6a4368</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Python与它的opcode <br><a target="_blank" href="http://phantom0301.cc/2017/03/24/pythonopcode/">http://phantom0301.cc/2017/03/24/pythonopcode/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy<br><a target="_blank" href="http://www.harmj0y.net/blog/redteaming/pass-the-hash-is-dead-long-live-localaccounttokenfilterpolicy/">http://www.harmj0y.net/blog/redteaming/pass-the-hash-is-dead-long-live-localaccounttokenfilterpolicy/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Nginx负载均衡与反向代理—《亿级流量网站架构核心技术》<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIwODA4NjMwNA==&amp;mid=2652898369&amp;idx=1&amp;sn=046a197ca25668556a93bc8e003e7560&amp;chksm=8cdcd00ebbab5918bd6ef7a462fe1d8c6c0d430e1a78cb1cf27efdec0214c17d92ae785900b3&amp;scene=0&amp;key=aeef07f20676c0a96ba632163a9bc2995b5de891661fae86">https://mp.weixin.qq.com/s?__biz=MzIwODA4NjMwNA==&amp;mid=2652898369&amp;idx=1&amp;sn=046a197ca25668556a93bc8e003e7560&amp;chksm=8cdcd00ebbab5918bd6ef7a462fe1d8c6c0d430e1a78cb1cf27efdec0214c17d92ae785900b3&amp;scene=0&amp;key=aeef07f20676c0a96ba632163a9bc2995b5de891661fae86</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>渗透测试 Node.js 应用<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458282293&amp;idx=1&amp;sn=8f6953d2629eedc2ebefe8f119528890&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458282293&amp;idx=1&amp;sn=8f6953d2629eedc2ebefe8f119528890&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>CISSP认证读书笔记（持续更新）<br><a target="_blank" href="http://www.bloodzer0.com/index.php/archives/13/">http://www.bloodzer0.com/index.php/archives/13/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>如何悄无声息的对RDP和远程会话进行劫持？<br><a target="_blank" href="http://www.4hou.com/info/news/3898.html">http://www.4hou.com/info/news/3898.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>StrutsHoneypot -- 基于 Apache 2 的蜜罐<br><a target="_blank" href="https://github.com/Cymmetria/StrutsHoneypot">https://github.com/Cymmetria/StrutsHoneypot</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>支付风控数据仓库建设<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzI4OTQ3MTI2NA==&amp;mid=2247483710&amp;idx=1&amp;sn=4910f5b3f7dad9eaa29b080a225fdf35&amp;scene=0#wechat_redirect">http://mp.weixin.qq.com/s?__biz=MzI4OTQ3MTI2NA==&amp;mid=2247483710&amp;idx=1&amp;sn=4910f5b3f7dad9eaa29b080a225fdf35&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>logtamper: python修改linux日志<br><a target="_blank" href="https://github.com/re4lity/logtamper">https://github.com/re4lity/logtamper</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>EasyCMS开源系统分析（一）<br><a target="_blank" href="http://ecma.io/?p=631">http://ecma.io/?p=631</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>谈谈软件供应链污染<br><a target="_blank" href="http://www.freebuf.com/special/129231.html">http://www.freebuf.com/special/129231.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>基于Elasticsearch实现搜索推荐<br><a target="_blank" href="http://ginobefunny.com/post/search_recommendation_implemention_based_elasticsearch/?hmsr=toutiao.io&amp;utm_medium=toutiao.io&amp;utm_source=toutiao.io">http://ginobefunny.com/post/search_recommendation_implemention_based_elasticsearch/?hmsr=toutiao.io&amp;utm_medium=toutiao.io&amp;utm_source=toutiao.io</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Struts2漏洞利用原理及OGNL机制研究<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/1400.html">https://xianzhi.aliyun.com/forum/read/1400.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>ATTACKING RDP -How to Eavesdrop on Poorly Secured RDP Connections<br><a target="_blank" href="https://www.exploit-db.com/docs/41621.pdf">https://www.exploit-db.com/docs/41621.pdf</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Have you been haunted by the Gh0st RAT today? <br><a target="_blank" href="http://www.volexity.com/blog/2017/03/23/have-you-been-haunted-by-the-gh0st-rat-today/">http://www.volexity.com/blog/2017/03/23/have-you-been-haunted-by-the-gh0st-rat-today/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>BSidesSF 2017 - Hijacking .NET to Defend PowerShell (Amanda Rousseau)<br><a target="_blank" href="https://www.youtube.com/watch?v=YXjIVuX6zQk">https://www.youtube.com/watch?v=YXjIVuX6zQk</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>WMImplant – A WMI Based Agentless Post-Exploitation RAT Developed in PowerShell<br><a target="_blank" href="https://www.fireeye.com/blog/threat-research/2017/03/wmimplant_a_wmi_ba.html">https://www.fireeye.com/blog/threat-research/2017/03/wmimplant_a_wmi_ba.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android Security 2016 Year In Review<br><a target="_blank" href="https://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2016_Report_Final.pdf">https://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2016_Report_Final.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SQL语句利用日志写shell<br><a target="_blank" href="http://www.bloodzer0.com/index.php/archives/17/">http://www.bloodzer0.com/index.php/archives/17/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>S2-046漏洞调试及初步分析<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/1414.html">https://xianzhi.aliyun.com/forum/read/1414.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Dridex网银木马样本技术分析与防护方案 <br><a target="_blank" href="http://blog.nsfocus.net/dridex-online-image-analysis-protection-program/">http://blog.nsfocus.net/dridex-online-image-analysis-protection-program/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>iOS Security<br><a target="_blank" href="https://www.apple.com/business/docs/iOS_Security_Guide.pdf">https://www.apple.com/business/docs/iOS_Security_Guide.pdf</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Dagda: The Docker Security Suite[Docker安全扫描工具]<br><a target="_blank" href="http://pentestit.com/dagda-docker-security-suite/">http://pentestit.com/dagda-docker-security-suite/</a></div><div class="single"><span id="tags">[杂志]&nbsp;&nbsp;</span>SecWiki周刊（第159期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/159">https://www.sec-wiki.com/weekly/159</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>SaaS 创业公司安全基础(security-101-for-saas-startups )<br><a target="_blank" href="https://github.com/Hopsken/security-101-for-saas-startups-zh_CN">https://github.com/Hopsken/security-101-for-saas-startups-zh_CN</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Winnti Abuses GitHub for C&amp;C Communications<br><a target="_blank" href="http://blog.trendmicro.com/trendlabs-security-intelligence/winnti-abuses-github/">http://blog.trendmicro.com/trendlabs-security-intelligence/winnti-abuses-github/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Advanced Web Scraping: Bypassing &quot;403 Forbidden,&quot; captchas, and more<br><a target="_blank" href="http://sangaline.com/post/advanced-web-scraping-tutorial/">http://sangaline.com/post/advanced-web-scraping-tutorial/</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>伪基站那些事儿-专业版<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzA4NTEwMzQ5OQ==&amp;mid=2649250331&amp;idx=1&amp;sn=0dfdd9c09f73996d8e95014ffa9162f9&amp;scene=0#wechat_redirect">http://mp.weixin.qq.com/s?__biz=MzA4NTEwMzQ5OQ==&amp;mid=2649250331&amp;idx=1&amp;sn=0dfdd9c09f73996d8e95014ffa9162f9&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>金融企业安全建设探索之异常访问检测系统<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI2MjQ1NTA4MA==&amp;mid=2247483719&amp;idx=1&amp;sn=00cb5fccde1e028872b0c4b7d5022928&amp;chksm=ea4bab00dd3c2216967b9bcae8ecceb067672e0d0996f4a25342f1518150ee5470f56c0bd469&amp;mpshare=1&amp;scene=1&amp;srcid=0320vZNm0ZOOCvu2vZnfihyZ&amp;key=8b1ec02">https://mp.weixin.qq.com/s?__biz=MzI2MjQ1NTA4MA==&amp;mid=2247483719&amp;idx=1&amp;sn=00cb5fccde1e028872b0c4b7d5022928&amp;chksm=ea4bab00dd3c2216967b9bcae8ecceb067672e0d0996f4a25342f1518150ee5470f56c0bd469&amp;mpshare=1&amp;scene=1&amp;srcid=0320vZNm0ZOOCvu2vZnfihyZ&amp;key=8b1ec02</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Adventures with Windows IoT Core Kernel debugging.<br><a target="_blank" href="https://tribalchicken.io/adventures-with-windows-iot-core-kernel-debugging/">https://tribalchicken.io/adventures-with-windows-iot-core-kernel-debugging/</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>企业无线安全解决方案——分析无线攻击行为与制定防御规则安全策略<br><a target="_blank" href="http://m.bobao.360.cn/learning/detail/3613.html">http://m.bobao.360.cn/learning/detail/3613.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>实施情报先导的信息安全方法与实践<br><a target="_blank" href="http://danqingdani.blog.163.com/blog/static/186094195201722373135164">http://danqingdani.blog.163.com/blog/static/186094195201722373135164</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>PHP Extensions - What and Why<br><a target="_blank" href="https://derickrethans.nl/talks/phpexts-zendcon11.pdf">https://derickrethans.nl/talks/phpexts-zendcon11.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>我是如何获取全域用户明文密码的？<br><a target="_blank" href="http://www.freebuf.com/articles/system/129412.html">http://www.freebuf.com/articles/system/129412.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution <br><a target="_blank" href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>CuckooSploit: automated analysis of web-based exploits, based on Cuckoobox<br><a target="_blank" href="https://github.com/davidoren/CuckooSploit">https://github.com/davidoren/CuckooSploit</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SSH端口转发情景模拟<br><a target="_blank" href="http://www.freebuf.com/articles/network/129434.html">http://www.freebuf.com/articles/network/129434.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>DoubleAgent<br><a target="_blank" href="https://github.com/Cybellum/DoubleAgent">https://github.com/Cybellum/DoubleAgent</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>iodine: Official git repo for iodine dns tunnel<br><a target="_blank" href="https://github.com/yarrick/iodine">https://github.com/yarrick/iodine</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>记一次手撸CPython bytecode<br><a target="_blank" href="http://0x48.pw/2017/03/20/0x2f/">http://0x48.pw/2017/03/20/0x2f/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>The cost of launching a DDoS attack<br><a target="_blank" href="https://securelist.com/analysis/publications/77784/the-cost-of-launching-a-ddos-attack/">https://securelist.com/analysis/publications/77784/the-cost-of-launching-a-ddos-attack/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>利用思维导图快速读懂框架和理清思路之禅道<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/mobile/read/1411.html">https://xianzhi.aliyun.com/forum/mobile/read/1411.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>支付风控场景分析<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzI4OTQ3MTI2NA==&amp;mid=2247483705&amp;idx=1&amp;sn=f036819823692e65dce62bed1280bf17&amp;scene=0#wechat_redirect">http://mp.weixin.qq.com/s?__biz=MzI4OTQ3MTI2NA==&amp;mid=2247483705&amp;idx=1&amp;sn=f036819823692e65dce62bed1280bf17&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Information Disclosure Issues and Attacks in Web Applications<br><a target="_blank" href="https://www.netsparker.com/blog/web-security/information-disclosure-issues-attacks/?utm_source=facebook.com&amp;utm_medium=social&amp;utm_content=information_disclosure&amp;utm_campaign=netsparker+social+media">https://www.netsparker.com/blog/web-security/information-disclosure-issues-attacks/?utm_source=facebook.com&amp;utm_medium=social&amp;utm_content=information_disclosure&amp;utm_campaign=netsparker+social+media</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>暗战：闪存产品数据安全攻防<br><a target="_blank" href="http://www.freebuf.com/articles/database/129650.html">http://www.freebuf.com/articles/database/129650.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Your questions answered about Mirai Botnet <br><a target="_blank" href="https://blog.apnic.net/2017/03/21/questions-answered-mirai-botnet/">https://blog.apnic.net/2017/03/21/questions-answered-mirai-botnet/</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/160">SecWiki周刊(第160期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
